diff options
| author | Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com> | 2008-10-22 17:15:00 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-23 11:55:01 -0400 |
| commit | 4afe978530702c934dfdb11f54073136818b2119 (patch) | |
| tree | 5f7fb9539b46c0b390157f55c84017e14b7f605c /fs/jbd/journal.c | |
| parent | 66f50ee3cee4c9d98eea0add6f439e6e5e0ca4a5 (diff) | |
jbd: fix error handling for checkpoint io
When a checkpointing IO fails, current JBD code doesn't check the error
and continue journaling. This means latest metadata can be lost from both
the journal and filesystem.
This patch leaves the failed metadata blocks in the journal space and
aborts journaling in the case of log_do_checkpoint(). To achieve this, we
need to do:
1. don't remove the failed buffer from the checkpoint list where in
the case of __try_to_free_cp_buf() because it may be released or
overwritten by a later transaction
2. log_do_checkpoint() is the last chance, remove the failed buffer
from the checkpoint list and abort the journal
3. when checkpointing fails, don't update the journal super block to
prevent the journaled contents from being cleaned. For safety,
don't update j_tail and j_tail_sequence either
4. when checkpointing fails, notify this error to the ext3 layer so
that ext3 don't clear the needs_recovery flag, otherwise the
journaled contents are ignored and cleaned in the recovery phase
5. if the recovery fails, keep the needs_recovery flag
6. prevent cleanup_journal_tail() from being called between
__journal_drop_transaction() and journal_abort() (a race issue
between journal_flush() and __log_wait_for_space()
Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Acked-by: Jan Kara <jack@suse.cz>
Cc: <linux-ext4@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/jbd/journal.c')
| -rw-r--r-- | fs/jbd/journal.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/fs/jbd/journal.c b/fs/jbd/journal.c index aa7143a8349b..9e4fa52d7dc8 100644 --- a/fs/jbd/journal.c +++ b/fs/jbd/journal.c | |||
| @@ -1121,9 +1121,12 @@ recovery_error: | |||
| 1121 | * | 1121 | * |
| 1122 | * Release a journal_t structure once it is no longer in use by the | 1122 | * Release a journal_t structure once it is no longer in use by the |
| 1123 | * journaled object. | 1123 | * journaled object. |
| 1124 | * Return <0 if we couldn't clean up the journal. | ||
| 1124 | */ | 1125 | */ |
| 1125 | void journal_destroy(journal_t *journal) | 1126 | int journal_destroy(journal_t *journal) |
| 1126 | { | 1127 | { |
| 1128 | int err = 0; | ||
| 1129 | |||
| 1127 | /* Wait for the commit thread to wake up and die. */ | 1130 | /* Wait for the commit thread to wake up and die. */ |
| 1128 | journal_kill_thread(journal); | 1131 | journal_kill_thread(journal); |
| 1129 | 1132 | ||
| @@ -1146,11 +1149,16 @@ void journal_destroy(journal_t *journal) | |||
| 1146 | J_ASSERT(journal->j_checkpoint_transactions == NULL); | 1149 | J_ASSERT(journal->j_checkpoint_transactions == NULL); |
| 1147 | spin_unlock(&journal->j_list_lock); | 1150 | spin_unlock(&journal->j_list_lock); |
| 1148 | 1151 | ||
| 1149 | /* We can now mark the journal as empty. */ | ||
| 1150 | journal->j_tail = 0; | ||
| 1151 | journal->j_tail_sequence = ++journal->j_transaction_sequence; | ||
| 1152 | if (journal->j_sb_buffer) { | 1152 | if (journal->j_sb_buffer) { |
| 1153 | journal_update_superblock(journal, 1); | 1153 | if (!is_journal_aborted(journal)) { |
| 1154 | /* We can now mark the journal as empty. */ | ||
| 1155 | journal->j_tail = 0; | ||
| 1156 | journal->j_tail_sequence = | ||
| 1157 | ++journal->j_transaction_sequence; | ||
| 1158 | journal_update_superblock(journal, 1); | ||
| 1159 | } else { | ||
| 1160 | err = -EIO; | ||
| 1161 | } | ||
| 1154 | brelse(journal->j_sb_buffer); | 1162 | brelse(journal->j_sb_buffer); |
| 1155 | } | 1163 | } |
| 1156 | 1164 | ||
| @@ -1160,6 +1168,8 @@ void journal_destroy(journal_t *journal) | |||
| 1160 | journal_destroy_revoke(journal); | 1168 | journal_destroy_revoke(journal); |
| 1161 | kfree(journal->j_wbuf); | 1169 | kfree(journal->j_wbuf); |
| 1162 | kfree(journal); | 1170 | kfree(journal); |
| 1171 | |||
| 1172 | return err; | ||
| 1163 | } | 1173 | } |
| 1164 | 1174 | ||
| 1165 | 1175 | ||
| @@ -1359,10 +1369,16 @@ int journal_flush(journal_t *journal) | |||
| 1359 | spin_lock(&journal->j_list_lock); | 1369 | spin_lock(&journal->j_list_lock); |
| 1360 | while (!err && journal->j_checkpoint_transactions != NULL) { | 1370 | while (!err && journal->j_checkpoint_transactions != NULL) { |
| 1361 | spin_unlock(&journal->j_list_lock); | 1371 | spin_unlock(&journal->j_list_lock); |
| 1372 | mutex_lock(&journal->j_checkpoint_mutex); | ||
| 1362 | err = log_do_checkpoint(journal); | 1373 | err = log_do_checkpoint(journal); |
| 1374 | mutex_unlock(&journal->j_checkpoint_mutex); | ||
| 1363 | spin_lock(&journal->j_list_lock); | 1375 | spin_lock(&journal->j_list_lock); |
| 1364 | } | 1376 | } |
| 1365 | spin_unlock(&journal->j_list_lock); | 1377 | spin_unlock(&journal->j_list_lock); |
| 1378 | |||
| 1379 | if (is_journal_aborted(journal)) | ||
| 1380 | return -EIO; | ||
| 1381 | |||
| 1366 | cleanup_journal_tail(journal); | 1382 | cleanup_journal_tail(journal); |
| 1367 | 1383 | ||
| 1368 | /* Finally, mark the journal as really needing no recovery. | 1384 | /* Finally, mark the journal as really needing no recovery. |
| @@ -1384,7 +1400,7 @@ int journal_flush(journal_t *journal) | |||
| 1384 | J_ASSERT(journal->j_head == journal->j_tail); | 1400 | J_ASSERT(journal->j_head == journal->j_tail); |
| 1385 | J_ASSERT(journal->j_tail_sequence == journal->j_transaction_sequence); | 1401 | J_ASSERT(journal->j_tail_sequence == journal->j_transaction_sequence); |
| 1386 | spin_unlock(&journal->j_state_lock); | 1402 | spin_unlock(&journal->j_state_lock); |
| 1387 | return err; | 1403 | return 0; |
| 1388 | } | 1404 | } |
| 1389 | 1405 | ||
| 1390 | /** | 1406 | /** |